[ Index ]

PHP Cross Reference of phpBB-3.2.8-deutsch

title

Body

[close]

/includes/ucp/ -> ucp_remind.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  if (!defined('IN_PHPBB'))
  18  {
  19      exit;
  20  }
  21  
  22  /**
  23  * ucp_remind
  24  * Sending password reminders
  25  */
  26  class ucp_remind
  27  {
  28      var $u_action;
  29  
  30  	function main($id, $mode)
  31      {
  32          global $config, $phpbb_root_path, $phpEx, $request;
  33          global $db, $user, $template, $phpbb_container, $phpbb_dispatcher;
  34  
  35          if (!$config['allow_password_reset'])
  36          {
  37              trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
  38          }
  39  
  40          $username    = $request->variable('username', '', true);
  41          $email        = strtolower($request->variable('email', ''));
  42          $submit        = (isset($_POST['submit'])) ? true : false;
  43  
  44          add_form_key('ucp_remind');
  45  
  46          if ($submit)
  47          {
  48              if (!check_form_key('ucp_remind'))
  49              {
  50                  trigger_error('FORM_INVALID');
  51              }
  52  
  53              if (empty($email))
  54              {
  55                  trigger_error('NO_EMAIL_USER');
  56              }
  57  
  58              $sql_array = array(
  59                  'SELECT'    => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
  60                  'FROM'        => array(USERS_TABLE => 'u'),
  61                  'WHERE'        => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
  62                      (!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
  63              );
  64  
  65              /**
  66              * Change SQL query for fetching user data
  67              *
  68              * @event core.ucp_remind_modify_select_sql
  69              * @var    string    email        User's email from the form
  70              * @var    string    username    User's username from the form
  71              * @var    array    sql_array    Fully assembled SQL query with keys SELECT, FROM, WHERE
  72              * @since 3.1.11-RC1
  73              */
  74              $vars = array(
  75                  'email',
  76                  'username',
  77                  'sql_array',
  78              );
  79              extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
  80  
  81              $sql = $db->sql_build_query('SELECT', $sql_array);
  82              $result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
  83              $rowset = $db->sql_fetchrowset($result);
  84  
  85              if (count($rowset) > 1)
  86              {
  87                  $db->sql_freeresult($result);
  88  
  89                  $template->assign_vars(array(
  90                      'USERNAME_REQUIRED'    => true,
  91                      'EMAIL'                => $email,
  92                  ));
  93              }
  94              else
  95              {
  96                  $message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
  97  
  98                  if (empty($rowset))
  99                  {
 100                      trigger_error($message);
 101                  }
 102  
 103                  $user_row = $rowset[0];
 104                  $db->sql_freeresult($result);
 105  
 106                  if (!$user_row)
 107                  {
 108                      trigger_error($message);
 109                  }
 110  
 111                  if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
 112                  {
 113                      trigger_error($message);
 114                  }
 115  
 116                  // Check users permissions
 117                  $auth2 = new \phpbb\auth\auth();
 118                  $auth2->acl($user_row);
 119  
 120                  if (!$auth2->acl_get('u_chgpasswd'))
 121                  {
 122                      trigger_error($message);
 123                  }
 124  
 125                  $server_url = generate_board_url();
 126  
 127                  // Make password at least 8 characters long, make it longer if admin wants to.
 128                  // gen_rand_string() however has a limit of 12 or 13.
 129                  $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
 130  
 131                  // For the activation key a random length between 6 and 10 will do.
 132                  $user_actkey = gen_rand_string(mt_rand(6, 10));
 133  
 134                  // Instantiate passwords manager
 135                  /* @var $manager \phpbb\passwords\manager */
 136                  $passwords_manager = $phpbb_container->get('passwords.manager');
 137  
 138                  $sql = 'UPDATE ' . USERS_TABLE . "
 139                      SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
 140                      WHERE user_id = " . $user_row['user_id'];
 141                  $db->sql_query($sql);
 142  
 143                  include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 144  
 145                  $messenger = new messenger(false);
 146  
 147                  $messenger->template('user_activate_passwd', $user_row['user_lang']);
 148  
 149                  $messenger->set_addresses($user_row);
 150  
 151                  $messenger->anti_abuse_headers($config, $user);
 152  
 153                  $messenger->assign_vars(array(
 154                      'USERNAME'        => htmlspecialchars_decode($user_row['username']),
 155                      'PASSWORD'        => htmlspecialchars_decode($user_password),
 156                      'U_ACTIVATE'    => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
 157                  );
 158  
 159                  $messenger->send($user_row['user_notify_type']);
 160  
 161                  trigger_error($message);
 162              }
 163          }
 164  
 165          $template->assign_vars(array(
 166              'USERNAME'            => $username,
 167              'EMAIL'                => $email,
 168              'S_PROFILE_ACTION'    => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword'))
 169          );
 170  
 171          $this->tpl_name = 'ucp_remind';
 172          $this->page_title = 'UCP_REMIND';
 173      }
 174  }


Generated: Tue Apr 7 19:42:26 2020 Cross-referenced by PHPXref 0.7.1